Skip to content
This is the project page for:
Our click ME not phishing training tool is for end-user training as part of, perhaps, broader cybersecurity training, It is based on open source tools like many of our utilities. While there are commercial offerings in this area (phishing attack end user prevention training), they seem a little expensive, and as a practical response to various discussions, we made this one. The focus of the project is to run phishing attacks as training/guidance for public sector staff on a cost recovery basis.
click ME not is brandable to match your “house style”, cost-effective, flexible and can be customised to meet end-user training needs in terms of the type of attack, ie malicious downloads, credentials grab etc. All technical infrastructure is cloud-based in the UK, and is a fixed cost, with no upper or lower limit on email targets, it works with all email systems, including Outlook, Google G-suite/Gmail Office365, and IBM Notes.
What is phishing? Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email (or other communication channels). The attacker then uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims, or to place malware on the victim’s computer (or smart device) to try to steal money or intellectual property.
How to prevent phishing attacks? We believe end-user awareness and training is key, assuming that you have already deployed technical measures on your email system! In short, your employees should never trust an email based simply on the purported source. Cybercriminals have their methods to disguise emails. They understand how to trick their victims into thinking a sender is legitimate when the emails are really coming from a malicious source. Often an enticing or threatening language is used in the subject lines to urge immediate action. They may promise “free iPhones to the first 100 respondents,” or threaten that “your credit card will be suspended without immediate action.” Evoking a sense of panic, urgency, or curiosity is a commonly used tactic.
Our click ME not tool emulates the away the bad guys’ work. It tests and reports back on things like the percentages of your users who responded to the phishing email sent as part of your campaign, and from where and when they did so. To support your training objectives we can report back on who responded.
How do I book this service? Please use the contact form on this site. At this time we are seeking to license this product and are in talks with intermediaries. There is a cost of running this and thus we seek only to recover cost, working for the common good for the following organisations: Government domains such as .gov.uk, .police.uk .mod.uk etc, also the voluntarily academic and 3rd sector, others upon application.
Need support? Please click here.
Coded in spring 2018 running on AWS (London) Ubuntu, using Bash, PHP and HTML5, works by @cryptomoose, Rick Singh & @46fishltd, words by @waoaoms